Add latest changes from gitlab-org/gitlab@15-3-stable-eev15.3.0-rc42

15 files changed, 115 insertions, 22 deletions

diff --git a/config/initializers/00_deprecations.rb b/config/initializers/00_deprecations.rb
new file mode 100644
index 00000000000..bfbd57c99fe
--- /dev/null
+++ b/config/initializers/00_deprecations.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+# Disallowed deprecation warnings are silenced in production. For performance
+# reasons we even skip the definition of disallowed warnings in production.
+#
+# See
+# * https://gitlab.com/gitlab-org/gitlab/-/issues/368379 for a follow-up
+# * https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92557#note_1032212676
+#   for benchmarks
+#
+# In Rails 7 we will use `config.active_support.report_deprecations = false`
+# instead of this early return.
+if Rails.env.production?
+  ActiveSupport::Deprecation.silenced = true
+  return
+end
+
+# Ban the following deprecation warnings and turn them into runtime errors
+# in `development` and `test` environments.
+#
+# This way we prevent already fixed warnings from sneaking back into the codebase silently.
+rails7_deprecation_warnings = [
+  # https://gitlab.com/gitlab-org/gitlab/-/issues/339739
+  /ActiveModel::Errors#keys is deprecated/,
+  # https://gitlab.com/gitlab-org/gitlab/-/issues/342492
+  /Rendering actions with '\.' in the name is deprecated/,
+  # https://gitlab.com/gitlab-org/gitlab/-/issues/333086
+  /default_hash is deprecated/,
+  # https://gitlab.com/gitlab-org/gitlab/-/issues/369970
+  /Passing an Active Record object to `\w+` directly is deprecated/
+]
+
+ActiveSupport::Deprecation.disallowed_warnings.concat rails7_deprecation_warnings
diff --git a/config/initializers/0_log_deprecations.rb b/config/initializers/0_log_deprecations.rb
index 6ba18ea1136..b3ef391053e 100644
--- a/config/initializers/0_log_deprecations.rb
+++ b/config/initializers/0_log_deprecations.rb
@@ -6,6 +6,18 @@ def log_deprecations?
   via_env_var.nil? ? Rails.env.development? : via_env_var
 end
 
+# Add `:notify` behavior only if not already added.
+#
+# See https://github.com/Shopify/deprecation_toolkit/blob/1d0e6f5b99785806f715ce2e9a13dc50f453d1e1/lib/deprecation_toolkit.rb#L21
+def add_notify_behavior
+  notify = ActiveSupport::Deprecation::DEFAULT_BEHAVIORS.fetch(:notify)
+  behaviors = ActiveSupport::Deprecation.behavior
+
+  return if behaviors.find { |behavior| behavior == notify }
+
+  ActiveSupport::Deprecation.behavior = behaviors << notify
+end
+
 if log_deprecations?
   # Log deprecation warnings emitted through Kernel#warn, such as from gems or
   # the Ruby VM.
@@ -19,6 +31,13 @@ if log_deprecations?
 
   Warning.process('', actions)
 
+  # We may have silenced deprecations warnings in 00_deprecations.rb on production.
+  # Unsilence them again.
+  ActiveSupport::Deprecation.silenced = false
+
+  # If we want to consume emitted warnings from Rails we need to attach a notifier first.
+  add_notify_behavior
+
   # Log deprecation warnings emitted from Rails (see ActiveSupport::Deprecation).
   ActiveSupport::Notifications.subscribe('deprecation.rails') do |name, start, finish, id, payload|
     Gitlab::DeprecationJsonLogger.info(message: payload[:message].strip, source: 'rails')
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 2de4efbe8ef..b271cefadd9 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -136,9 +136,9 @@ if github_settings
       OmniAuth::Strategies::GitHub.default_options[:client_options]
     else
       {
-        "site"          => File.join(github_settings["url"], "api/v3"),
+        "site" => File.join(github_settings["url"], "api/v3"),
         "authorize_url" => File.join(github_settings["url"], "login/oauth/authorize"),
-        "token_url"     => File.join(github_settings["url"], "login/oauth/access_token")
+        "token_url" => File.join(github_settings["url"], "login/oauth/access_token")
       }
     end
 end
@@ -631,7 +631,7 @@ Settings.cron_jobs['loose_foreign_keys_cleanup_worker'] ||= Settingslogic.new({}
 Settings.cron_jobs['loose_foreign_keys_cleanup_worker']['cron'] ||= '*/1 * * * *'
 Settings.cron_jobs['loose_foreign_keys_cleanup_worker']['job_class'] = 'LooseForeignKeys::CleanupWorker'
 Settings.cron_jobs['ci_runner_versions_reconciliation_worker'] ||= Settingslogic.new({})
-Settings.cron_jobs['ci_runner_versions_reconciliation_worker']['cron'] ||= '20 * * * *'
+Settings.cron_jobs['ci_runner_versions_reconciliation_worker']['cron'] ||= '@daily'
 Settings.cron_jobs['ci_runner_versions_reconciliation_worker']['job_class'] = 'Ci::Runners::ReconcileExistingRunnerVersionsCronWorker'
 
 Gitlab.ee do
@@ -779,6 +779,11 @@ Gitlab.ee do
   Settings.cron_jobs['licenses_reset_submit_license_usage_data_banner'] ||= Settingslogic.new({})
   Settings.cron_jobs['licenses_reset_submit_license_usage_data_banner']['cron'] ||= "0 0 * * *"
   Settings.cron_jobs['licenses_reset_submit_license_usage_data_banner']['job_class'] = 'Licenses::ResetSubmitLicenseUsageDataBannerWorker'
+  Gitlab.com do
+    Settings.cron_jobs['disable_legacy_open_source_license_for_inactive_projects'] ||= Settingslogic.new({})
+    Settings.cron_jobs['disable_legacy_open_source_license_for_inactive_projects']['cron'] ||= "30 5 * * 0"
+    Settings.cron_jobs['disable_legacy_open_source_license_for_inactive_projects']['job_class'] = 'Projects::DisableLegacyOpenSourceLicenseForInactiveProjectsWorker'
+  end
 end
 
 #
diff --git a/config/initializers/active_record_data_types.rb b/config/initializers/active_record_data_types.rb
index f8f0a69622f..7f4bd32c221 100644
--- a/config/initializers/active_record_data_types.rb
+++ b/config/initializers/active_record_data_types.rb
@@ -45,9 +45,13 @@ class ActiveRecord::ConnectionAdapters::PostgreSQLAdapter
   NATIVE_DATABASE_TYPES[:datetime_with_timezone] = { name: 'timestamptz' }
 end
 
-# Ensure `datetime_with_timezone` columns are correctly written to schema.rb
-if (ActiveRecord::Base.connection.active? rescue false)
-  ActiveRecord::Base.connection.send :reload_type_map
+def connection_active?
+  ActiveRecord::Base.connection.active? # rubocop:disable Database/MultipleDatabases
+rescue StandardError
+  false
 end
 
+# Ensure `datetime_with_timezone` columns are correctly written to schema.rb
+ActiveRecord::Base.connection.send(:reload_type_map) if connection_active?
+
 ActiveRecord::Base.time_zone_aware_types += [:datetime_with_timezone]
diff --git a/config/initializers/database_config.rb b/config/initializers/database_config.rb
index 31666c884bc..09dedd903f8 100644
--- a/config/initializers/database_config.rb
+++ b/config/initializers/database_config.rb
@@ -1,5 +1,11 @@
 # frozen_string_literal: true
 
+Rails.application.reloader.to_run(:before) do
+  # Make sure connects_to for Ci::ApplicationRecord gets called outside of config/routes.rb first
+  # See InitializerConnections.with_disabled_database_connections
+  Ci::ApplicationRecord
+end
+
 Gitlab.ee do
   if Gitlab::Geo.geo_database_configured?
     # Make sure connects_to for geo gets called outside of config/routes.rb first
diff --git a/config/initializers/database_query_analyzers.rb b/config/initializers/database_query_analyzers.rb
index d1010e054af..2e73fbb79a2 100644
--- a/config/initializers/database_query_analyzers.rb
+++ b/config/initializers/database_query_analyzers.rb
@@ -3,9 +3,13 @@
 # Currently we register validator only for `dev` or `test` environment
 Gitlab::Database::QueryAnalyzer.instance.hook!
 Gitlab::Database::QueryAnalyzer.instance.all_analyzers.append(::Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics)
+Gitlab::Database::QueryAnalyzer.instance.all_analyzers.append(
+  ::Gitlab::Database::QueryAnalyzers::PreventCrossDatabaseModification
+)
 
-if Rails.env.test? || Gitlab::Utils.to_boolean(ENV['ENABLE_CROSS_DATABASE_MODIFICATION_DETECTION'], default: false)
-  Gitlab::Database::QueryAnalyzer.instance.all_analyzers.append(::Gitlab::Database::QueryAnalyzers::PreventCrossDatabaseModification)
+if Gitlab.dev_or_test_env?
+  query_analyzer = ::Gitlab::Database::QueryAnalyzers::GitlabSchemasValidateConnection
+  Gitlab::Database::QueryAnalyzer.instance.all_analyzers.append(query_analyzer)
 end
 
 Gitlab::Application.configure do |config|
diff --git a/config/initializers/default_url_options.rb b/config/initializers/default_url_options.rb
index 138a8e467c7..43e4ed5478f 100644
--- a/config/initializers/default_url_options.rb
+++ b/config/initializers/default_url_options.rb
@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 default_url_options = {
-  host:        Gitlab.config.gitlab.host,
-  protocol:    Gitlab.config.gitlab.protocol,
+  host: Gitlab.config.gitlab.host,
+  protocol: Gitlab.config.gitlab.protocol,
   script_name: Gitlab.config.gitlab.relative_url_root
 }
 
diff --git a/config/initializers/diagnostic_reports.rb b/config/initializers/diagnostic_reports.rb
new file mode 100644
index 00000000000..b9932822a0b
--- /dev/null
+++ b/config/initializers/diagnostic_reports.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+return unless Gitlab::Utils.to_boolean(ENV['GITLAB_DIAGNOSTIC_REPORTS_ENABLED'])
+
+# Any actions beyond this check should only execute outside of tests,
+# when running in application context (i.e. not in the Rails console or rspec)
+return unless Gitlab::Runtime.application?
+
+Gitlab::Cluster::LifecycleEvents.on_worker_start do
+  Gitlab::Memory::ReportsDaemon.instance.start
+end
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 761904009bb..867f3fd47cc 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -90,6 +90,8 @@ Doorkeeper.configure do
   # Check out the wiki for more information on customization
   access_token_methods :from_access_token_param, :from_bearer_authorization, :from_bearer_param
 
+  hash_token_secrets using: '::Gitlab::DoorkeeperSecretStoring::Pbkdf2Sha512', fallback: :plain
+
   # Specify what grant flows are enabled in array of Strings. The valid
   # strings and the flows they enable are:
   #
diff --git a/config/initializers/lookbook.rb b/config/initializers/lookbook.rb
new file mode 100644
index 00000000000..4cb1b827286
--- /dev/null
+++ b/config/initializers/lookbook.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+if Rails.env.development?
+  # :nocov: Lookbook is only available in development
+  Lookbook::ApplicationController.class_eval do
+    content_security_policy false
+  end
+
+  Rails.application.configure do
+    config.lookbook.experimental_features = [:pages]
+    config.lookbook.page_paths = ["#{config.root}/spec/components/docs"]
+  end
+  # :nocov:
+end
diff --git a/config/initializers/memory_watchdog.rb b/config/initializers/memory_watchdog.rb
index 72779a18b10..82ad615ce25 100644
--- a/config/initializers/memory_watchdog.rb
+++ b/config/initializers/memory_watchdog.rb
@@ -13,7 +13,8 @@ Gitlab::Cluster::LifecycleEvents.on_worker_start do
       Gitlab::Memory::Watchdog::NullHandler.instance
     end
 
-  Gitlab::Memory::Watchdog.new(
+  watchdog = Gitlab::Memory::Watchdog.new(
     handler: handler, logger: Gitlab::AppLogger
-  ).start
+  )
+  Gitlab::BackgroundTask.new(watchdog).start
 end
diff --git a/config/initializers/rest-client-hostname_override.rb b/config/initializers/rest-client-hostname_override.rb
index 80b123ebe61..bb8995a4659 100644
--- a/config/initializers/rest-client-hostname_override.rb
+++ b/config/initializers/rest-client-hostname_override.rb
@@ -8,8 +8,8 @@ module RestClient
       def transmit(uri, req, payload, &block)
         begin
           ip, hostname_override = Gitlab::UrlBlocker.validate!(uri, allow_local_network: allow_settings_local_requests?,
-                                                               allow_localhost: allow_settings_local_requests?,
-                                                               dns_rebind_protection: dns_rebind_protection?)
+                                                                    allow_localhost: allow_settings_local_requests?,
+                                                                    dns_rebind_protection: dns_rebind_protection?)
 
           self.hostname_override = hostname_override
         rescue Gitlab::UrlBlocker::BlockedUrlError => e
diff --git a/config/initializers/static_files.rb b/config/initializers/static_files.rb
index 2879d48387d..a26d78f102b 100644
--- a/config/initializers/static_files.rb
+++ b/config/initializers/static_files.rb
@@ -21,7 +21,7 @@ if app.config.public_file_server.enabled
 
   # If webpack-dev-server is configured, proxy webpack's public directory
   # instead of looking for static assets
-  if Gitlab.config.webpack.dev_server.enabled && Rails.env.development?
+  if Gitlab.config.webpack.dev_server.enabled && Gitlab.dev_or_test_env?
     app.config.middleware.insert_before(
       Gitlab::Middleware::Static,
       Gitlab::Webpack::DevServerMiddleware,
diff --git a/config/initializers/truncato.rb b/config/initializers/truncato.rb
deleted file mode 100644
index dd0a8a313c3..00000000000
--- a/config/initializers/truncato.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-
-# Source: https://github.com/jorgemanrubia/truncato/issues/20#issuecomment-1135105823
-silence_warnings do
-  Truncato::ARTIFICIAL_ROOT_NAME = 'truncato-artificial-root'
-end
diff --git a/config/initializers/wikicloth_redos_patch.rb b/config/initializers/wikicloth_redos_patch.rb
index a0b7c2e2466..4ff545dd6f7 100644
--- a/config/initializers/wikicloth_redos_patch.rb
+++ b/config/initializers/wikicloth_redos_patch.rb
@@ -120,7 +120,7 @@ module WikiCloth
           key = params[0].to_s.strip
           key_options = params[1..].collect { |p| p.is_a?(Hash) ? { :name => p[:name].strip, :value => p[:value].strip } : p.strip }
           key_options ||= []
-          key_digest = Digest::SHA256.hexdigest(key_options.to_a.sort {|x,y| (x.is_a?(Hash) ? x[:name] : x) <=> (y.is_a?(Hash) ? y[:name] : y) }.inspect)
+          key_digest = Digest::SHA256.hexdigest(key_options.to_a.sort { |x,y| (x.is_a?(Hash) ? x[:name] : x) <=> (y.is_a?(Hash) ? y[:name] : y) }.inspect)
 
           return @options[:params][key] if @options[:params].has_key?(key)
           # if we have a valid cache fragment use it